eConnexis is committed to maintaining the confidentiality of information entrusted to us by our healthcare clients, especially Protected Health Information. eConnexis protects the confidentiality of information it receives by adhering to the requirements of the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule governs the acquisition, storage, transfer and retention of Protected Health Information, in both electronic and paper formats. The Security Rule covers all information acquired, maintained or transferred electronically. We comply with all business associate obligations under HIPAA/HITECH, enabling us to provide the highest level of service to our health carecustomers.
The Security Standards define administrative, physical, and technical safeguards necessary to protect the confidentiality, integrity, and availability of electronic protected health information from unauthorized access, alteration, deletion, and transmission. As such eConnexis has implemented the following policies:
a. All access from the Internet to the database server is restricted with the exception of the web server. From the web server only SQL*Net traffic is allowed. All other services between the web server and our internal network have been disabled.
b. All application web page requests, uploads and downloads require an SSL secured connection with 128-bit cipher strength.
c. To connect to the application, the system requires a username/password/company logon combination for access.
d. Each user is assigned their own logon combination.
e. All failed attempts to connect to the application are recorded and monitored.
f. As the user navigates through the application, each page visited is recorded.
g. Access to claim data is logged; whether access was to patient sensitive or non-sensitive data is also logged.
h. Customers are assigned a local administrator to manage user access specific to their company. Users can be restricted from application modules, functionality and/or claim data.
i. All claim data is stored under specific customer identifiers preventing unauthorized access of data between clients. Customers do not share patient data.
j. FTP transfers are conducted via VPN which is setup between both sites to transmit a file or by a secure dialup line, which is established to transmit the file
k. All modifications made to the data are stored in the database as revisions. Revisions contain the user that modified the data and the date/time the modification was made.
l. A full database backup is made once a week and delivered offsite to a secure storage facility in case disaster recovery is needed. An online backup is done every night for data recoverability.
The Privacy Rule sets standards for how protected health information should be controlled by setting forth what uses and disclosures are authorized or required and what rights patients have with respect to their health information.
eConnexis does not disclose protected health information and only uses protected health information as authorized by our business associates.
eConnexis reminds it`s users of the responsibility to safeguard the protected health information by displaying a "Privacy Notice" each time the customer logs into the application which the user must acknowledge to gain access to the application.